I don't know why this never hit me before today, but REG.exe got a shot of steroids after Windows XP. The changes are awesome and I have become so comfortable with how it behaves on Windows 7 that I forgot that /F wasn't available on XP. Damn if that isn't a powerful little feature.
WINDOWS XP
C:\>reg query /?
Console Registry Tool for Windows - version 3.0
Copyright (C) Microsoft Corp. 1981-2001. All rights reserved
REG QUERY KeyName [/v ValueName | /ve] [/s]
KeyName [\Machine\]FullKey
Machine - Name of remote machine, omitting defaults to the current machine
Only HKLM and HKU are available on remote machines
FullKey - in the form of ROOTKEY\SubKey name
ROOTKEY [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey - The full name of a registry key under the selected ROOTKEY
/v query for a specific registry key
ValueName - The name, under the selected Key, to query
if omitted, all values under the Key are queried
/ve query for the default value or empty value name <no name>
/s queries all subkeys and values
Examples:
REG QUERY HKLM\Software\Microsoft\ResKit /v Version
Displays the value of the registry value Version
REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /s
Displays all subkeys and values under the registry key Setup
WINDOWS 7
C:\>reg query /?
REG QUERY KeyName [/v [ValueName] | /ve] [/s] [/f Data [/k] [/d] [/c] [/e]] [/t Type] [/z] [/se Separator]
KeyName [\\Machine\]FullKey
Machine - Name of remote machine, omitting defaults to the current machine. Only HKLM and HKU are available on remote machines
FullKey - in the form of ROOTKEY\SubKey name
ROOTKEY - [ HKLM | HKCU | HKCR | HKU | HKCC ]
SubKey - The full name of a registry key under the selected ROOTKEY
/v Queries for a specific registry key values. If omitted, all values for the key are queried.
Argument to this switch can be optional only when specified along with /f switch. This specifies to search in value names only.
/ve Queries for the default value or empty value name (Default).
/s Queries all subkeys and values recursively (like dir /s).
/se Specifies the separator (length of 1 character only) in data string for REG_MULTI_SZ. Defaults to "\0" as the separator.
/f Specifies the data or pattern to search for. Use double quotes if a string contains spaces. Default is "*".
/k Specifies to search in key names only.
/d Specifies the search in data only.
/c Specifies that the search is case sensitive. The default search is case insensitive.
/e Specifies to return only exact matches. By default all the matches are returned.
/t Specifies registry value data type.
Valid types are: REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_QWORD, REG_BINARY, REG_NONE
Defaults to all types.
/z Verbose: Shows the numeric equivalent for the type of the value name.
Examples:
REG QUERY HKLM\Software\Microsoft\ResKit /v Version
Displays the value of the registry value Version
REG QUERY \\ABC\HKLM\Software\Microsoft\ResKit\Nt\Setup /s
Displays all subkeys and values under the registry key Setup on remote machine ABC
REG QUERY HKLM\Software\Microsoft\ResKit\Nt\Setup /se #
Displays all the subkeys and values with "#" as the seperator for all value names whose type is REG_MULTI_SZ.
REG QUERY HKLM /f SYSTEM /t REG_SZ /c /e
Displays Key, Value and Data with case sensitive and exact occurrences of "SYSTEM" under HKLM root for the data type REG_SZ
REG QUERY HKCU /f 0F /d /t REG_BINARY
Displays Key, Value and Data for the occurrences of "0F" in data under HKCU root for the data type REG_BINARY
REG QUERY HKLM\SOFTWARE /ve
Displays Value and Data for the empty value (Default) under HKLM\SOFTWARE
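For XP hosts where /f is missing, the search can be run offline over saved `reg query KeyName /s` output. The Python below is an added example, not part of the original post or of REG.exe: it parses that output (XP tab-separated or Windows 7 space-separated) and approximates /f with /k, /v, /d, /c, /e and /t. Assumptions made here: no wildcard support, key-name matching uses the last path component, and key hits are skipped when a type filter is given.

```python
import re

# Value line in `reg query /s` output: indent, name, type, data.
# XP separates the fields with tabs, Windows 7 with runs of spaces.
VALUE_RE = re.compile(r"^\s+(.*?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample of XP-style `reg query HKLM\Software\Example /s` output.
SAMPLE = (
    "! REG.EXE VERSION 3.0\n\n"
    "HKEY_LOCAL_MACHINE\\Software\\Example\n"
    "    Version\tREG_SZ\t1.0\n"
    "    Install Dir\tREG_EXPAND_SZ\t%SystemRoot%\\Example\n\n"
    "HKEY_LOCAL_MACHINE\\Software\\Example\\Setup\n"
    "    Flags\tREG_DWORD\t0x1\n"
)

def parse_reg_query(text):
    """Yield (key, name, type, data); name is None for the key line itself."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            yield key, None, None, None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield (key,) + m.groups()

def search(text, pattern, keys=False, names=False, data=False,
           case=False, exact=False, vtype=None):
    """Approximate /f pattern [/k] [/v] [/d] [/c] [/e] [/t vtype]."""
    if not (keys or names or data):
        keys = names = data = True   # no scope switch: search everywhere
    norm = (lambda s: s) if case else str.lower
    pat = norm(pattern)
    hit = (lambda s: norm(s) == pat) if exact else (lambda s: pat in norm(s))
    out = []
    for key, name, typ, value in parse_reg_query(text):
        if name is None:
            # Key line: compare the last path component (assumption).
            if keys and vtype is None and hit(key.rsplit("\\", 1)[-1]):
                out.append((key, None, None, None))
        elif vtype in (None, typ) and ((names and hit(name)) or (data and hit(value))):
            out.append((key, name, typ, value))
    return out
```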